Google-UMD Cybersecurity Seminars

The Google and University of Maryland Cybersecurity Seminar Series is organized and hosted by the Maryland Cybersecurity Center. The series features a diverse group of speakers from industry, academia, and government, addressing a broad range of topics related to cybersecurity, including technology, policy, and economics. Invited speakers will also examine the impact that cybersecurity threats and protective measures are having on privacy, social networks, businesses and national security. The series will offer three seminars per semester, with a total of six per year.

For more information about the series or to join our seminar mailing list, please contact Carolyn Flowers at cflowers@umd.edu.

Spring 2015

The spring 2015 Google and University of Maryland Cybersecurity Seminar Series will continue in April with Dr. Susan Athey from the Stanford Institute for Economic Policy Research. You can register for Dr. Athey's talk here: https://talks.cs.umd.edu/talks/966

Susan Athey is the Economics of Technology Professor at Stanford Graduate School of Business. She received her bachelor’s degree from Duke University and her PhD from Stanford, and she holds an honorary doctorate from Duke University. She previously taught in the economics departments at MIT, Stanford and Harvard.

She is a recipient of the John Bates Clark Medal. Her current research focuses on the economics of the internet, marketplace design, auction theory, the statistical analysis of auction data, and the intersection of econometrics and machine learning. She has focused on several applications, including timber auctions, internet search, online advertising, the news media, and virtual currency. She advises governments and businesses on the design of auction-based marketplaces. She has served as a long-term consultant for Microsoft Corporation since 2007, including a period as chief economist. She also serves as a long-term advisor to the British Columbia Ministry of Forests, helping to architect and implement their auction-based pricing system.

Some of the most widely used encryption algorithms that protect our cellular phone calls were designed in the 1980s and broken in the 1990s. In the decades since, computer security researchers have refined these attacks, ultimately demonstrating that phone calls and text messages can be intercepted with a few hundred dollars' worth of off-the-shelf hardware and some open source software. Yet, in spite of the many research papers published and demonstrations at high-profile security conferences, little has been done. The phone companies, in the US and elsewhere, continue to operate networks that use weak crypto. These companies and government regulators that are responsible for communications networks have neither warned the public about the insecurity of traditional phone calls, nor advised them about the ways in which they can more securely communicate. Moreover, efforts by activists to obtain documents showing how these flaws are being exploited for surveillance by law enforcement and intelligence agencies have largely been blocked, as agencies claim that publishing that information will reveal classified information.

This talk, in part, is about the sorry state of our cellular communications networks. But it is also about the total failure of the computer security community to influence public policy, particularly when opposed by law enforcement and intelligence agencies, who want nothing to change and the public to be kept in the dark.

Bio:

Dubbed the “Ralph Nader for the Internet Age” by Wired and “the most prominent of a new breed of activist technology researchers” by the Economist, Christopher Soghoian works at the intersection of technology, law, and policy. A leading expert on privacy, surveillance, and information security, Soghoian is currently the Principal Technologist at the American Civil Liberties Union.

A TED Senior Fellow, Soghoian has been named a top innovator under 35 by the MIT Technology Review, an Engineering Hero by IEEE Spectrum, and a Tech Titan by Washingtonian magazine. Soghoian completed his Ph.D., which focused on the role that Internet and telephone companies play in enabling government surveillance of their customers, at Indiana University in 2012.

In order to gather data, he has made extensive use of the Freedom of Information Act and sued the Department of Justice pro se. His research has appeared in publications including the Berkeley Technology Law Journal and the Harvard Journal of Law & Technology, and has been cited by several federal and state courts, including the 9th Circuit Court of Appeals and the New Jersey and Massachusetts Supreme Courts.

Dynamic Information Flow Tracking (DIFT) has been widely used in information and systems security to prevent disclosure of sensitive information and to identify certain types of program integrity violation. Motivated by these code-level security concerns, my group at Columbia University developed libDFT, one of the fastest DIFT mechanisms to date. The order-of-magnitude performance improvements we achieved led to my rethinking of the role of information flow in modern systems security, culminating in the creation of the DARPA Transparent Computing (TC) program. In this talk, I will provide my perspective on this 6-year research effort and some thoughts for the future.

Bio:

Angelos Keromytis is an associate professor of computer science at Columbia University and director of the Network Security Lab. He is currently on leave from Columbia, serving as a program manager with the Information Innovation Office (I2O) at DARPA. He previously served as Program Director for the Secure and Trustworthy Cyberspace (SaTC) program at the National Science Foundation. His research interests broadly cover systems and network security.

Fall 2014

The fall 2014 Google and University of Maryland Cybersecurity Seminar Series will begin on November 20 with Dr. David Brumley from Carnegie Mellon University. You can register for Dr. Brumley’s talk here https://talks.cs.umd.edu/talks/818

David Brumley is an Associate Professor at Carnegie Mellon University with a primary appointment in the Electrical and Computer Engineering Department and a courtesy appointment in the Computer Science Department. He is also the Technical Director of CyLab, the CMU cybersecurity laboratory. His research focuses on software security.

Prof. Brumley received his PhD in Computer Science from Carnegie Mellon University, an MS in Computer Science from Stanford University, and a BA in Mathematics from the University of Northern Colorado. He served as a Computer Security Officer for Stanford University from 1998-2002 and handled thousands of computer security incidents in that capacity. He is the faculty mentor for the CMU Hacking Team Plaid Parliament of Pwning (PPP), which is ranked internationally as one of the top teams in the world according to ctftime.org. The team was ranked #1 in 2011, #2 in 2012, and #1 in 2013, and won DefCon 2013. He received the USENIX Security best paper awards in 2003 and 2007, and an ICSE distinguished paper award in 2014.

Prof. Brumley's honors include being selected for the 2010 DARPA CSSP program and 2013 DARPA Information Science and Technology Advisory Board, a 2010 NSF CAREER award, a 2010 United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama (the highest award in the US for early career scientists according to Wikipedia), and a 2013 Sloan Foundation award.

Previously, I was tenured faculty at Institute Eurecom (Graduate School and Research Center) in the French Riviera and before that, faculty at the Technical University of Vienna where I co-founded the Secure Systems Lab. Our lab has now become international and is distributed over five institutions and geographical locations.

My current research interests are in systems, software and network security (with focus on Web security, binary analysis, malware detection). Before that, I was mainly interested in distributed systems, software engineering and software architectures. I am not interested in theoretical security or crypto.

I am very fortunate to work with and have the privilege to advise some very bright Ph.D. students. I am very proud of their achievements! I've also been fortunate to work with some very smart and technically capable post-docs and collaborators around the world.

I personally enjoy writing code in different languages (e.g., C, Perl, C#, Java, [recently] Python) and am convinced that computer science students need to be language-independent ;-) I am trying to continue to code as much as possible -- although I have much more admin work to do now...

The title of his talk is: Actual Cryptography at the Age of Evolving Ecosystems. View Slides (pdf)

Computational paradigms nowadays change, and global systems over world-wide networks evolve. Systems have to take into account scale, growth, and increased scope. Building and maintaining active systems is an important part of the cloud, network computing, web services, etc. Cryptography as part of an active software system has to consider the existing and future constraints, the scale, the evolution, and the enhanced scope of successful systems. Actual customized cryptographic components that are secure, based on solid theory, yet are suitable for the new style of system global nature and evolution are needed, while, on the other hand, no methodology for such components exists! In this talk, I will review my experience regarding how the cryptographic protection of Google's global platform for display ads auctions (AdX) has been designed and evolved over the last few years.

The title of her talk is: The Continuing Quest for Secure and Usable Passwords

To combat both the inherent and user-induced weaknesses of text-based passwords, administrators and organizations typically institute a series of rules – a password policy – to which users must adhere when choosing a password. While a properly-written password policy might provide an organization with increased security, it is unclear just what such a well-written policy would be, or even how to determine whether a given policy is effective. Although it is easy to calculate the theoretical password space that corresponds to a particular password policy, it is difficult to determine the practical password space. Users may, for example, react to a policy rule requiring them to include numbers in passwords by overwhelmingly picking the same number, or by always using the number in the same location in their passwords. In addition, some password policies, while resulting in stronger passwords, may make those passwords difficult to remember or type.

Fall 2013

The fall 2013 Google and University of Maryland Cybersecurity Seminar Series will open in October with three speakers bringing perspectives from industry, government, and academia.

Peleus Uhley is a senior security researcher within the Secure Software Engineering team at Adobe. His primary focus is assisting with Adobe platform technologies, including Flash Player and AIR. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for companies such as @stake and Symantec. Talk title will be available soon.

The title of his talk is: The SAFE Machine: An Architecture for Pervasive Information Flow

The CRASH/SAFE project is building a network host that is highly resilient to cyber-attack. One pillar of the design is pervasive mechanisms for tracking information flow. At the lowest level, the SAFE hardware offers fine-grained tagging and efficient support for propagating and combining tags on each instruction dispatch. The operating system virtualizes these generic facilities to provide the information-flow abstract machine on which user programs run. In this talk, we'll take a guided tour of (a simplified model of) the SAFE hardware and software and an end-to-end proof of noninterference for this model.

Benjamin Pierce is Henry Salvatori Professor of Computer and Information Science at the University of Pennsylvania and a Fellow of the ACM. His research centers on programming languages, static type systems, language-based security, computer-assisted proof, concurrent and distributed programming, and synchronization technologies. His books include the widely used graduate texts Types and Programming Languages and Software Foundations. He serves as co-Editor in Chief of the Journal of Functional Programming, as Managing Editor for Logical Methods in Computer Science, and as editorial board member of Mathematical Structures in Computer Science and Formal Aspects of Computing. He is also the lead designer of the popular Unison file synchronizer.

Spring 2013

The title of his talk is: "Network Security Economics: Identifying Choke Points and Understanding Incentives to Improve Online Security." Dr. Christin is the Associate Director of the Information Networking Institute at Carnegie Mellon University.

The title of his talk will be "Aggregation and Distribution in Cloud Security." Dr. Juels received his B.A. in Latin Literature and Mathematics from Amherst College in 1991 and his Ph.D. in Computer Science from U.C. Berkeley in 1996.

Dr. Michael Franz is a Professor of Computer Science in the University of California, Irvine’s (UCI) Donald Bren School of Information and Computer Sciences, and the director of UCI’s Secure Systems and Software Laboratory. View slides from presentation (pdf).

Fall 2012

Úlfar Erlingsson leads efforts in security research at Google. Previously, he has been a researcher at Microsoft Research, an Associate Professor at Reykjavík University, Iceland, and led security technology at two startups: GreenBorder Technologies and deCODE Genetics. He holds a Ph.D. in Computer Science from Cornell University.

Two leaders, one from industry and one from academia, will open the fall 2012 semester. Kevin Mandia, Chief Executive Officer at MANDIANT, will speak on September 27th at 5:00 pm in the Kim Engineering Building Lecture Hall, Room 1110. The title of his talk will be “The State of the Hack.”

Dr. Wenke Lee, Professor in the School of Computer Science at Georgia Tech, will speak on November 8th at 5:00 pm in the Computer Science Instructional Center (CSIC) Room 1115. Dr. Lee’s talk title is forthcoming. View slides from Dr. Lee's talk (pdf).

Spring 2012

The Google and University of Maryland Cybersecurity Seminar Series will close out the spring 2012 semester on April 19th at 5:30 p.m., in the Atrium of Van Munching Hall, by featuring Christopher Painter, the Cyber Coordinator at the US Department of State.